Date: Tue, 20 Oct 2015 19:20:52 +0000 (UTC) From: "Conrad E. Meyer" <cem@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r289652 - head/sys/dev/ntb/if_ntb Message-ID: <201510201920.t9KJKqp3037944@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: cem Date: Tue Oct 20 19:20:52 2015 New Revision: 289652 URL: https://svnweb.freebsd.org/changeset/base/289652 Log: NTB: MFV 8c9edf63: Fix zero size or integer overflow in ntb_set_mw A plain 32 bit integer will overflow for values over 4GiB. Change the plain integer size to the appropriate size type in ntb_set_mw. Change the type of the size parameter and two local variables used for size. Even if there is no overflow, a size of zero is invalid here. Authored by: Allen Hubbe Reported by: Juyoung Jung Obtained from: Linux (Dual BSD/GPL driver) Sponsored by: EMC / Isilon Storage Division Modified: head/sys/dev/ntb/if_ntb/if_ntb.c Modified: head/sys/dev/ntb/if_ntb/if_ntb.c ============================================================================== --- head/sys/dev/ntb/if_ntb/if_ntb.c Tue Oct 20 19:20:42 2015 (r289651) +++ head/sys/dev/ntb/if_ntb/if_ntb.c Tue Oct 20 19:20:52 2015 (r289652) @@ -295,7 +295,7 @@ static void ntb_complete_rxc(void *arg, static void ntb_transport_doorbell_callback(void *data, uint32_t vector); static void ntb_transport_event_callback(void *data); static void ntb_transport_link_work(void *arg); -static int ntb_set_mw(struct ntb_transport_ctx *, int num_mw, unsigned size); +static int ntb_set_mw(struct ntb_transport_ctx *, int num_mw, size_t size); static void ntb_free_mw(struct ntb_transport_ctx *nt, int num_mw); static int ntb_transport_setup_qp_mw(struct ntb_transport_ctx *nt, unsigned int qp_num); @@ -1266,12 +1266,15 @@ out: } static int -ntb_set_mw(struct ntb_transport_ctx *nt, int num_mw, unsigned size) +ntb_set_mw(struct ntb_transport_ctx *nt, int num_mw, size_t size) { struct ntb_transport_mw *mw = &nt->mw_vec[num_mw]; - unsigned xlat_size, buff_size; + size_t xlat_size, buff_size; int rc; + if (size == 0) + return (EINVAL); + xlat_size = roundup(size, mw->xlat_align_size); buff_size = roundup(size, mw->xlat_align); @@ -1305,7 +1308,7 @@ ntb_set_mw(struct ntb_transport_ctx *nt, */ if (mw->dma_addr % mw->xlat_align != 0) { if_printf(nt->ifp, - "DMA memory 0x%jx not aligned to BAR size 0x%x\n", + "DMA memory 0x%jx not aligned to BAR size 0x%zx\n", (uintmax_t)mw->dma_addr, size); ntb_free_mw(nt, num_mw); return (ENOMEM);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201510201920.t9KJKqp3037944>